|
264281
|
6.5 |
MEDIUM
Network
|
libav
ffmpeg
google
|
libav
ffmpeg
chrome
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000460
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264282
|
6.5 |
MEDIUM
Network
|
plone
|
plone
|
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part…
|
NVD-CWE-noinfo
|
CVE-2017-1000483
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264283
|
5.4 |
MEDIUM
Network
|
plone
|
plone
|
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000482
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264284
|
9.8 |
CRITICAL
Network
|
smarty
|
smarty
|
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
|
CWE-94
Code Injection
|
CVE-2017-1000480
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264285
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you t…
|
CWE-601
Open Redirect
|
CVE-2017-1000481
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264286
|
8.8 |
HIGH
Network
|
opnsense_project
netgate
|
opnsense
pfsense
|
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Fram…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000479
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264287
|
5.4 |
MEDIUM
Network
|
elabftw
|
elabftw
|
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000478
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264288
|
7.5 |
HIGH
Network
|
xmlbundle_project
|
xmlbundle
|
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.
|
CWE-611
XXE
|
CVE-2017-1000477
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264289
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-1000476
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264290
|
6.5 |
MEDIUM
Network
|
mautic
acquia
|
mautic
|
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user…
|
CWE-22
Path Traversal
|
CVE-2017-1000490
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
